PT-2024-30179 · Langflow · Langflow
0Gur1O
Published 2024-10-31 · Updated 2025-05-27
CVE-2024-42835
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
langflow version 1.0.12
Description
The vulnerability is a remote code execution (RCE) flaw in the PythonCodeTool component: the component passes code to exec(), so arbitrary code can be executed on the target system. A malicious JSON file can be imported to exploit this issue.
Recommendations
For langflow version 1.0.12, as a temporary workaround, consider disabling the PythonCodeTool component until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
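While the component is disabled, an administrator still has to keep flow exports that reference it from being imported. The script below is an added example, not part of this advisory or of the Langflow project: it walks an exported flow JSON document and reports every place the component name PythonCodeTool (taken from the advisory) appears, so the file can be rejected before import. The node layout in the sample export and the assumption that the component is referenced by a plain string value are constructed for illustration; the walk is schema-agnostic so it does not depend on them.

```python
import json
from typing import Any, Iterator

# Component name comes from the advisory. Any additional names would be an
# assumption about the deployment, so the set holds just this one.
FLAGGED_COMPONENTS = {"PythonCodeTool"}


def iter_values(obj: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Depth-first walk over parsed JSON, yielding (json_path, value) pairs.

    The walk is schema-agnostic: it does not assume where a flow export
    stores node types, only that the value is a JSON string somewhere.
    """
    yield path, obj
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from iter_values(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from iter_values(value, f"{path}[{index}]")


def find_flagged_components(flow: Any) -> list[dict[str, str]]:
    """Return every location where a flagged component name is a string value."""
    hits = []
    for path, value in iter_values(flow):
        if isinstance(value, str) and value in FLAGGED_COMPONENTS:
            hits.append({"path": path, "component": value})
    return hits


def review_flow_json(text: str) -> dict[str, Any]:
    """Parse a flow export and decide whether it may be imported under the workaround.

    Malformed JSON is treated as a rejection rather than an error so that a
    pre-import check never falls open.
    """
    try:
        flow = json.loads(text)
    except json.JSONDecodeError as exc:
        return {"ok": False, "reason": f"invalid JSON: {exc.msg}", "hits": []}
    hits = find_flagged_components(flow)
    if hits:
        reason = f"{len(hits)} reference(s) to a disabled component"
    else:
        reason = "no flagged components found"
    return {"ok": not hits, "reason": reason, "hits": hits}


# Constructed sample export (not a real Langflow file). The node layout is an
# assumption; only the component name is taken from the advisory.
SAMPLE_FLOW = json.dumps({
    "name": "demo",
    "data": {
        "nodes": [
            {"id": "n1", "data": {"type": "TextInput"}},
            {
                "id": "n2",
                "data": {
                    "type": "PythonCodeTool",
                    "node": {"template": {"code": {"value": "print('hi')"}}},
                },
            },
        ]
    },
})

if __name__ == "__main__":
    result = review_flow_json(SAMPLE_FLOW)
    print("import allowed:", result["ok"], "-", result["reason"])
    for hit in result["hits"]:
        print(f"  {hit['component']} at {hit['path']}")
```

Run it against a real export in place of SAMPLE_FLOW; a non-empty hit list means the file references the disabled component and should be held back until a fixed version is deployed.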
Related Identifiers
Affected Products
Langflow